diff --git a/group_vars/all b/group_vars/all
index 4b3526b32f2b3cb9c9ec85d05c16f46ef134ad7a..597cc00a9efb94430c3d1ada69ffa7d30a24d633 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1 +1,7 @@
-# Globale Variablen für alle Server 
+# Globale Variablen für alle Server
+
+# IP Adresse des LDAP Servers
+# Extern läuft auf dem webserver
+ldap_ip_ext: 10.0.20.2
+# int ist noch ungenutzt / später replikation in der Zone
+ldap_ip_int: 10.0.20.2
diff --git a/warpsrvint/docker_grafana/templates/ldap.toml b/warpsrvint/docker_grafana/templates/ldap.toml
index dad2a61871b7a8d71ad12cb90f51ef5a6af4a8e0..57087195a7fc0120c708905ef31856721a27aa30 100644
--- a/warpsrvint/docker_grafana/templates/ldap.toml
+++ b/warpsrvint/docker_grafana/templates/ldap.toml
@@ -3,7 +3,7 @@ verbose_logging = false
 
 [[servers]]
 # Ldap server host (specify multiple hosts space separated)
-host = "10.0.20.2"
+host = "{{ ldap_ip_ext }}"
 # Default port is 389 or 636 if use_ssl = true
 port = 389
 # Set to true if ldap server supports TLS
diff --git a/warpsrvint/docker_warpinfra/templates/config.ini b/warpsrvint/docker_warpinfra/templates/config.ini
index 8eaf5ff746f0ca783fe962c7c98205995850d32f..67e6e525a1aceeb3d93a8bb2e767113e27f84795 100644
--- a/warpsrvint/docker_warpinfra/templates/config.ini
+++ b/warpsrvint/docker_warpinfra/templates/config.ini
@@ -1,6 +1,6 @@
 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warppay
 
 INSTANCE_NAME = 'INTERN-PRODUKTIV'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone
 API_KEY = ''
 
 [mysql]
-MYSQL_HOST = mysql 
-MYSQL_PORT = 3306 
+MYSQL_HOST = mysql
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 
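Review bot: `LDAP_HOST` now resolves to the same `ldap_ip_ext` in every instance, so the test configs bind to the same directory as production using `cn=admin` and `{{ ldap_admin_pass }}`; this applies equally to the `[ldap]` hunks in warpsrvint/docker_warpinfratest, webserver/docker_warpinfra and webserver/docker_warpinfratest. The LDAP role on this page also provisions a `readonly` user, so an instance that only authenticates or looks up users could bind with that account, which limits what a compromised test container can change in the directory. Whether the apps need write access is not visible here. If the admin bind has to stay, a comment above `LDAP_BIND_DN` such as `# admin bind required for <reason>` would record why.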
diff --git a/warpsrvint/docker_warpinfratest/templates/config.ini b/warpsrvint/docker_warpinfratest/templates/config.ini
index e18f6b8b963e3cd507fefe84f5d6408386a20ab9..c56d51407897f9570f36128d44d2067c7a8834c2 100644
--- a/warpsrvint/docker_warpinfratest/templates/config.ini
+++ b/warpsrvint/docker_warpinfratest/templates/config.ini
@@ -1,6 +1,6 @@
 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warppay
 
 INSTANCE_NAME = 'INTERN-TEST'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra-test.warpzone
 API_KEY = ''
 
 [mysql]
-MYSQL_HOST = db 
-MYSQL_PORT = 3306 
+MYSQL_HOST = db
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 
diff --git a/webserver/docker_gitlab/templates/gitlab.rb b/webserver/docker_gitlab/templates/gitlab.rb
index 1131f327ef8ef2dc29a3e1e0823a43a5e23842d5..9116ec14904701a2aa54458f1245c04652cc49a4 100644
--- a/webserver/docker_gitlab/templates/gitlab.rb
+++ b/webserver/docker_gitlab/templates/gitlab.rb
@@ -92,7 +92,7 @@ gitlab_rails['gitlab_default_projects_features_issues'] = false
 ldap_servers_template = <<-'EOS'
   main:
     label: 'LDAP'
-    host: '10.0.20.2'
+    host: '{{ ldap_ip_ext }}'
     port: 389
     uid: 'uid'
     method: 'plain'
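Review bot: `host` in `ldap_servers_template` now has two competing sources that the file does not reconcile: the Ansible variable rendered into the heredoc here, and the `% ENV['LDAP_PORT_389_TCP_ADDR']` substitution with its comment in the next hunk. No format directive appears in the template lines shown (part of the heredoc lies outside the hunks), so the environment value is probably ignored and the comment misleads the next reader. I would either drop the `%` formatting or replace the comment with something like `# LDAP host is rendered by Ansible from ldap_ip_ext`. The unchanged `method: 'plain'` on port 389 also means GitLab's bind to this address is unencrypted, which is worth revisiting since the LDAP container publishes 636 as well.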
@@ -108,7 +108,7 @@ ldap_servers_template = <<-'EOS'
       last_name: 'sn'
 EOS
 
-# Replace LDAP Server IP fron Environment variable 
+# Replace LDAP Server IP fron Environment variable
 # which is set by the Docker Link
 ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']
 
diff --git a/webserver/docker_ldap/tasks/main.yml b/webserver/docker_ldap/tasks/main.yml
index d5ad36693c8528ebf62acb1c7cf4219f46234a2c..6c250ac0a17316a7c6aa3c45a31408d92a969a82 100644
--- a/webserver/docker_ldap/tasks/main.yml
+++ b/webserver/docker_ldap/tasks/main.yml
@@ -1,9 +1,9 @@
 ---
-# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen 
-# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets 
-# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden  
-# Die Daten, die von Slurp gelesen werden sind Base64 codiert 
-# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden 
+# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
+# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
+# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
+# Die Daten, die von Slurp gelesen werden sind Base64 codiert
+# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
 
 - name: get secrets from server 1
   slurp: src={{ item }}
@@ -13,27 +13,27 @@
   register: ldap_secrets
 
 - name: get secrets from server 2
-  set_fact: 
-    ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
-    ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+  set_fact:
+    ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+    ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
 
 - name: create folder struct for ldap
-  file: 
-    path: "/srv/ldap" 
+  file:
+    path: "/srv/ldap"
     state: "directory"
 
 - name: create folder struct for ldap
-  file: 
-    path: "/srv/ldap/database" 
+  file:
+    path: "/srv/ldap/database"
     state: "directory"
 
 - name: create folder struct for ldap
-  file: 
-    path: "/srv/ldap/config" 
+  file:
+    path: "/srv/ldap/config"
     state: "directory"
-  
+
 - name: start ldap docker
-  docker_container: 
+  docker_container:
     name: ldap-service
     image: osixia/openldap:1.1.6
     hostname: ldap-service
@@ -45,21 +45,21 @@
     env:
       LDAP_ORGANISATION: Warpzone
       LDAP_DOMAIN: warpzone.ms
-      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" 
+      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}"
       LDAP_READONLY_USER: true
       LDAP_READONLY_USER_USERNAME: readonly
       LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}"
     ports:
-      - 10.0.20.2:389:389
-      - 10.0.20.2:636:636
-      
+      - {{ ldap_ip_ext }}:389:389
+      - {{ ldap_ip_ext }}:636:636
+
 - name: start phpldapadmin docker
-  docker_container: 
+  docker_container:
     name: phpldapadmin-app
     image: osixia/phpldapadmin:0.6.11
     state: started
     restart_policy: always
-    env: 
+    env:
       PHPLDAPADMIN_LDAP_HOSTS: ldap-host
       PHPLDAPADMIN_HTTPS: false
       PHPLDAPADMIN_TRUST_PROXY_SSL: true
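Review bot: The two new `ports` entries start with `{{`, which YAML reads as the opening of a flow mapping, so this file will most likely fail to parse before Ansible templates anything. Values that begin with a template expression need quoting: `- "{{ ldap_ip_ext }}:389:389"` and `- "{{ ldap_ip_ext }}:636:636"`. Port 389 is still published on that address next to 636, so any client that binds without TLS sends its credentials in the clear; worth confirming that this is intended. The `docker_container` task for the LDAP service begins above this hunk.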
@@ -67,4 +67,3 @@
       - ldap-service:ldap-host
     ports:
       - 127.0.0.1:42004:80
-
diff --git a/webserver/docker_warpinfra/templates/config.ini b/webserver/docker_warpinfra/templates/config.ini
index 90a48621cf339463ba6b47d4f67c7ac21b1e7942..a68e2a3c53c95bf067cbec439c3da630497a6943 100644
--- a/webserver/docker_warpinfra/templates/config.ini
+++ b/webserver/docker_warpinfra/templates/config.ini
@@ -1,6 +1,6 @@
 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warpfood
 
 INSTANCE_NAME = 'EXTERN-PRODUKTIV'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms
 API_KEY = {{mattermost_api_key}}
 
 [mysql]
-MYSQL_HOST = db 
-MYSQL_PORT = 3306 
+MYSQL_HOST = db
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 
diff --git a/webserver/docker_warpinfratest/templates/config.ini b/webserver/docker_warpinfratest/templates/config.ini
index dc846db63e66bcc6b40ea5ff4bf6a57ae3a9f75e..9b83d65118a0750370d0c3c4a067f7f755d3a542 100644
--- a/webserver/docker_warpinfratest/templates/config.ini
+++ b/webserver/docker_warpinfratest/templates/config.ini
@@ -1,6 +1,6 @@
 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warpfood, warpapi
 
 INSTANCE_NAME = 'EXTERN-TEST'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms
 API_KEY = {{mattermost_api_key}}
 
 [mysql]
-MYSQL_HOST = db 
-MYSQL_PORT = 3306 
+MYSQL_HOST = db
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 
diff --git a/webserver/openvpn/templates/warpzone-up.sh b/webserver/openvpn/templates/warpzone-up.sh
index bb922e2b94d3bfebe2e62fe45d97445c37acf264..2a0ca20807d71eb6c3e3bf495b26cd20ce25cb53 100644
--- a/webserver/openvpn/templates/warpzone-up.sh
+++ b/webserver/openvpn/templates/warpzone-up.sh
@@ -2,6 +2,5 @@
 # the interface name is passed as first argument ($1)
 
 #modprobe ip_tables
-#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
-#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636
-
+#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
+#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636